Czech cybersecurity firm Avast has found that Candiru (also known as Saito Tech) was directly linked to the exploitation of a Google Chrome zero-day flaw. Candiru has a history of weaponising previously unknown flaws to deploy Windows malware. Its implant, named DevilsTongue, is modular and has Pegasus-like capabilities.
Candiru had already been added to the Entity List by the US Commerce Department in November 2021 for engaging in malicious cyber activities, alongside NSO Group, Positive Technologies, and Computer Security Initiative Consultancy PTE. LTD.
Candiru mainly took advantage of CVE-2022-2294, a heap-based buffer overflow (memory corruption) in the WebRTC component of Google Chrome. Because the bug is reachable from web content, exploiting it gave the attackers shellcode execution inside the browser's sandboxed process; a separate sandbox escape is still needed to compromise the underlying system.
The same issue also affected Apple's Safari and Microsoft's Edge, which share the affected WebRTC code, and has since been patched in both. Google addressed the issue in Chrome in July 2022.
These findings by Avast bring to light multiple attack campaigns mounted by the Israeli hack-for-hire vendor. Candiru had gone quiet after being publicly exposed in 2021, but returned with a revamped toolset in March 2022. Its attacks appear to target mainly users in Palestine, Yemen, Turkey, and Lebanon.
The activity was first spotted in Lebanon. The attackers compromised a website and injected malicious code that loaded from an actor-controlled domain and redirected potential victims to an exploit server. Through this watering-hole technique, the exploit server builds a profile of roughly 50 data points about the victim's browser before anything else is served.
The data collected includes screen information, device type, referrer, timezone, language, browser plugins, and more.
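The two observable stages of the watering-hole technique described above, as an added illustration (this is not Candiru's code and not taken from Avast's report): first, what a site owner would look for on a compromised page, namely script tags loading from origins the site does not own; second, what the profiling stage on the exploit server's page does, gathering browser data points of the kind listed above. The browser globals are passed in as a window-like object so the profiling function also runs under Node; in a browser it would be called with the global `window`. The allowlist, the sample HTML, the sample browser environment and the `chromiumOnWindows` targeting rule are all constructed assumptions for the example.

```javascript
// Stage 1 (defender side): find <script src="..."> references that resolve to an
// origin outside the site's own allowlist. Relative paths resolve against siteOrigin.
function findForeignScripts(html, siteOrigin, allowedOrigins) {
  const foreign = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = m[1];
    let origin;
    try {
      origin = new URL(src, siteOrigin).origin;
    } catch (e) {
      foreign.push(src); // unparseable src is worth a look too
      continue;
    }
    if (!allowedOrigins.includes(origin)) foreign.push(src);
  }
  return foreign;
}

// Stage 2 (attacker side): build a browser profile from a window-like object.
// Every lookup is guarded so the function works on a partial environment.
function collectProfile(win) {
  const nav = win.navigator || {};
  const scr = win.screen || {};
  const doc = win.document || {};
  let timezone = null;
  try {
    timezone = win.Intl.DateTimeFormat().resolvedOptions().timeZone;
  } catch (e) { /* environment without Intl */ }
  const plugins = Array.from(nav.plugins || [], (p) => p.name);
  return {
    userAgent: nav.userAgent ?? null,
    platform: nav.platform ?? null,
    language: nav.language ?? null,
    languages: nav.languages ? Array.from(nav.languages) : [],
    cookieEnabled: nav.cookieEnabled ?? null,
    hardwareConcurrency: nav.hardwareConcurrency ?? null,
    deviceMemory: nav.deviceMemory ?? null,
    maxTouchPoints: nav.maxTouchPoints ?? null,
    screenWidth: scr.width ?? null,
    screenHeight: scr.height ?? null,
    colorDepth: scr.colorDepth ?? null,
    devicePixelRatio: win.devicePixelRatio ?? null,
    innerWidth: win.innerWidth ?? null,
    innerHeight: win.innerHeight ?? null,
    timezone,
    referrer: doc.referrer ?? null,
    plugins,
  };
}

// How many of the data points were actually populated (the report speaks of ~50;
// this illustration collects a subset).
function populatedCount(profile) {
  return Object.values(profile)
    .filter((v) => v !== null && !(Array.isArray(v) && v.length === 0)).length;
}

// Assumed targeting rule: only a Chromium-based browser on Windows is of interest.
// This is an illustrative gate, not a criterion from the report.
function chromiumOnWindows(profile) {
  const ua = profile.userAgent || '';
  return /Windows NT/.test(ua) && /Chrome\/\d+/.test(ua);
}

// Constructed sample inputs.
const siteOrigin = 'https://example-news.test';
const allowedOrigins = [siteOrigin, 'https://cdn.example-news.test'];
const sampleHtml = `<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-news.test/lib.js"></script>
<script src="https://actor-controlled.example/loader.js"></script>
</head></html>`;

const sampleWindow = {
  navigator: {
    userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36',
    platform: 'Win32', language: 'ar', languages: ['ar', 'en-US'], cookieEnabled: true,
    hardwareConcurrency: 8, deviceMemory: 8, maxTouchPoints: 0,
    plugins: [{ name: 'PDF Viewer' }, { name: 'Chrome PDF Viewer' }],
  },
  screen: { width: 1920, height: 1080, colorDepth: 24 },
  devicePixelRatio: 1, innerWidth: 1903, innerHeight: 969,
  Intl: { DateTimeFormat: () => ({ resolvedOptions: () => ({ timeZone: 'Asia/Beirut' }) }) },
  document: { referrer: 'https://example-news.test/article' },
};

console.log('foreign scripts:', findForeignScripts(sampleHtml, siteOrigin, allowedOrigins));
const profile = collectProfile(sampleWindow);
console.log('data points populated:', populatedCount(profile), 'target?', chromiumOnWindows(profile));
```

On the real compromised site the foreign script is the loader that performs the redirect, so the `findForeignScripts` check is the cheapest way for an operator to notice the injection; the profile is what the exploit server sees before it decides what to serve.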